Determining compliance requirements

Prior to providing information security architecture guidance for your information system, you must look at your organization's regulatory and compliance requirements, making sure that you are building a set of security requirements that results in a secure and compliant information system.

The compliance requirements that an organization must follow have a significant effect on the overall shape of an information system. The requirements imposed by laws and compliance frameworks differ from one law or framework to the next, and it is critically important that you understand the frameworks that apply to you in order to ensure that your organization can continue to do business.

The services provided by your information system have a great deal to do with the potential mix of compliance requirements that your system must adhere to.

For example, consider a POS system located within the gift shop of a US federal government facility:

  • In this case, the organization would typically be responsible for adhering to the compliance standards associated with the following:
    • Federal Information Security Modernization Act (FISMA): because it is a US federal government agency
    • Payment Card Industry Data Security Standard (PCI DSS): because it accepts credit cards

This is a very simple example and assumes that the agency is running the gift shop itself rather than a third party. Even so, it shows a stacking of compliance standards, which introduces complexity and special considerations from an information security architecture perspective.